Fixed security issue and ci

[dorayakikun]

Fixed below issue. (and CI)

https://www.npmjs.com/advisories/786

[codecov]

Codecov Report

Merging #49 into master will increase coverage by 1.11%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master      #49      +/-   ##
==========================================
+ Coverage   83.93%   85.05%   +1.11%     
==========================================
  Files          17       17              
  Lines         610      562      -48     
==========================================
- Hits          512      478      -34     
+ Misses         98       84      -14

Impacted Files	Coverage Δ
lib/utils/apply-action.js	62.5% <0%> (-1.39%)	⬇️
lib/utils/copy-file.js	70.45% <0%> (-0.7%)	⬇️
lib/utils/watcher.js	84.37% <0%> (+2.06%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 692b67b...d44d882. Read the comment docs.

[bcomnes]

Would love to see this land!

[danielfigueiredo]

👍 to see this landing, thanks for the PR!
There are currently two duplicated issues related to this:
#47
#48

[dorayakikun]

@mysticatea Could you review it?

[antipalindrome]

@mysticatea This would be great if we could get it. This is the only thing erroring on my audits!

[marcospgp]

@mysticatea Please have a look

[TidyIQ]

It seems like this project has been abandoned by @mysticatea

Perhaps you could fork this and create a new npm package?

[bcomnes]

I think declaring abandon is a leap since it’s still works perfectly well. My guess is it’s a matter of notification vs abandonment.

Has anyone tried reaching out via other channels yet?

[McSam27]

Any updates on this? Is there a maintained fork? Or is there any news from mystic?

[bcomnes]

I emailed @mysticatea a few days ago but haven't heard back.

[bcomnes]

I never heard back. No problem.

In the meantime, I forked to cpx2 here: https://github.com/bcomnes/cpx2/pull/1/files

It still has the cpx bin name, so it can be swapped out without any changes to code bases. I use it on lots of things, so I'll try to keep it up to date as needed with greenkeeper and such. I don't have any large refactoring or plans to change it at all. Perhaps one day we can upstream the maintenance work ✌️

[jsomsanith-tlnd]

Hi, this PR hasn't moved since August. Do you have any idea when this will be merged/released ?
Thank you for your time and work BTW :)

[koresar]

TL;DR: the solution is to remove unmaintined cpx and use identical but maintained cpx2.

Thanks @bcomnes

[dorayakikun]

I think it will be migrated to cpx2 in the future so that I will close it.
Thanks to @bcomnes